Re: [sidr] Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)
Christopher Morrow <morrowc.lists@gmail.com> Wed, 11 April 2012 17:49 UTC
Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E109211E808D for <sidr@ietfa.amsl.com>; Wed, 11 Apr 2012 10:49:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.491
X-Spam-Level:
X-Spam-Status: No, score=-103.491 tagged_above=-999 required=5 tests=[AWL=0.108, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JgLued1MxvLw for <sidr@ietfa.amsl.com>; Wed, 11 Apr 2012 10:49:41 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 2F67A21F8570 for <sidr@ietf.org>; Wed, 11 Apr 2012 10:49:41 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so702247ghb.31 for <sidr@ietf.org>; Wed, 11 Apr 2012 10:49:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=zfsrjRD6vTP0bamtZ1npvHZGHmgmG92XPrQTsnCRNdo=; b=ynaiJAzzEUVB2uguz0S/JxJKl9iLtEUJ/QWndrYiSUpbAqSD7bPYvbzsNP7rsqMMRP alEKaPpI5uk3JxlosCsZMcgAsV5IVFnXFV69he/40M5KMgGb+C+kJzBo3WTqWbr1ycuj 0Vq4g+orQPOlxZEfAGZ+rXTPr14dyH3ZCGtv7hVtPTQopplgcItQfI5GtQ3/0LAuEKc1 3F+0wRMhk+Iq8OUF0y02bSihTPAI+BMCgfXGl3d5c0s7HN5xvowtHbyI4Ct2+6Z84Y9O Rh0yGzq0rj0tQGIv9O2gA4Q4PIKjNlq3MbKmtaiFG7mobZKzC35tpOeEOi4lTJRaNNZL 64sQ==
MIME-Version: 1.0
Received: by 10.60.24.201 with SMTP id w9mr23203064oef.49.1334166580337; Wed, 11 Apr 2012 10:49:40 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.182.153.34 with HTTP; Wed, 11 Apr 2012 10:49:40 -0700 (PDT)
In-Reply-To: <C533B89C-F817-4111-A532-0165EC5D6786@tcb.net>
References: <4F844D15.90402@ops-netman.net> <4F845123.60803@ops-netman.net> <3A499D67-D964-44A7-B1F5-BD103EBC67EE@tcb.net> <CAL9jLaZdVOW1YDm9cZEtfWQFgY=Qdc-_Be-gS8-FgRQiUxzw0A@mail.gmail.com> <CC95A8E0-4FA8-4FDF-BC53-E93340D62D64@tcb.net> <CAL9jLaaRV+W+C-amPAT3ALLd-QMr1XsoD_KLoDMYganTD-AGdg@mail.gmail.com> <C533B89C-F817-4111-A532-0165EC5D6786@tcb.net>
Date: Wed, 11 Apr 2012 13:49:40 -0400
X-Google-Sender-Auth: Il4It1KICxDf3Me-3KW6VWhIx5o
Message-ID: <CAL9jLabTf8SHADEiKHJd0g6mKnG0T+mcjpydHjFEbHq16aOfxg@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Danny McPherson <danny@tcb.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: sidr wg <sidr@ietf.org>, sidr-chairs@tools.ietf.org, sidr-ads@tools.ietf.org
Subject: Re: [sidr] Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 17:49:42 -0000
On Wed, Apr 11, 2012 at 1:45 PM, Danny McPherson <danny@tcb.net> wrote: > > On Apr 11, 2012, at 1:35 PM, Christopher Morrow wrote: > > > > From there, we can discuss the issue of, for example, HOW TO onboard and > purge signing and validating certificates to routers from the RPKI -- [I > suspect the intention was to use rpki-rtr protocol for this, but it doesn't > currently support it, nor are the security implications clear]. > > > > The rtr cert/ee-cert part was never planned/designed to be done via > rpki-rtr. > Ideally at provisioning time your ee-cert is dropped onto the box, > similar to base-config today. Potentially your fav vendor has a > methodology in their plan for this. I can't imagine it's too tough, > nor that it's exact specification needs to be in an IETF doc (since it > seems implementation specific). Could be wrong though. > > > It has huge implications on the scale and operations, particularly when right: "Dear vendor, if you do this with a GUI only option I will stab you in the eye" I suppose, to me this looks like any other configuration thing you do today on routers... beating the vendor over the head to support sane (netconf? maybe?) methods for provisioning, is already done. > considering how rollovers and other such changes are effectuated. Also, rollovers == acl-updates == routing-policy-updates == ntp server reconfig == .... normal router configuration processes. > decoupling these entirely from validating certificates means I've got two > mechanisms now for on-boarding [just] these things. I'd prefer not to leave or another configuration bit to sling, yes. > this to "magic happens" given that it's foundational to pretty much > everything else that's being built. copy my comment to vendors, into your rfp. > > sure, some modelling seems like a good thing here, I think this was > asked for at the mic in PAR as well, no? (in response to some > discussions with Sriram?) > > > Yep! > ok, so ... got proposal? I think Sriram is itching/looking for how to get a more reasoned approach to this (or that seemed to be his intent at the mic). > we can chat about that on-list or in the meeting... I suppose there's > a slew of milestones which are 'complete', there aren't really any > changes (that I planned) from an 'adding things' perspective. The > ops-documentation (see wiki) to me is probably NOT an ietf document, > again happy to talk at the meeting about that though. > > > > I'd be interested in lining out the longer-term deliverables for the group > on the list.. sure, shoot.
- [sidr] Interim Meeting Draft Agenda: 04-30-2012 (… Chris Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Danny McPherson
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Danny McPherson
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Arturo Servin
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Murphy, Sandra
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Chris Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Danny McPherson
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Danny McPherson
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Chris Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Brian Dickson
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Randy Bush
- Re: [sidr] Interim Meeting Draft Agenda: 04-30-20… Christopher Morrow